Security for Camel GAE Applications

Securing GAE applications from unauthorized access is described in the Security and Authentication section of the Google App Engine documentation. Authorization constraints are declared in the web.xml. This applies to Camel applications as well. In the following example, the application is configured to only allow authenticated users (in any role) to access the application. Additionally, access to /worker/* URLs may only be done by users in the admin role. By default, web hook URLs installed by the gtask component match the /worker/* pattern and should not be accessed by normal users. With this authorization constraint, only the task queuing service (which is always in the admin role) is allowed to access the web hooks. For implementing custom, non-declarative authorization logic, Camel GAE applications should use the Google Accounts Java API.